Re: Empty but existing resource | Re: SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt

On 7 October 2016 at 16:49, Mike Bishop wrote:
> The client isn't requesting additional functionality via Opp-Sec, but
> gaining a way to double-check the alternative's intent/ability to play along
> when the initial reference was vulnerable to meddling.  (Unless we're
> proposing to update RFC 7838 by adding that MUST?)

Nah, updates aren't necessary, we're just looking for belts AND braces
on this stuff.  We have some evidence that scheme isn't routinely
looked at in the critical parts of the stack, so this is in response
to that.  Yep, it's paranoid.

Received on Friday, 7 October 2016 08:34:30 UTC